@bogdan we've had to do this multiple times in the past. The best we could do is watch where requests actually came from and have the other end whitelist them either individually or wide swaths of network subnet address space.